Typo: Apache License missing dash: Affects PyPI License Declaration #435

Merged: 1 commit, Feb 22, 2024

WilliamRoyNelson
Contributor

Poetry requires an EXACT match for the License name in order to auto-populate classifiers. Changed Apache 2.0 to Apache-2.0

From version 1.1.0 forward, after switching to Poetry, PyPI has displayed the license as:
License: Other/Proprietary License (Apache 2.0)

PyPI should say:
License: Apache Software License (Apache 2.0)

This is caused by the License not being an exact match to what Poetry is expecting.

This is a problem because within enterprise environments, packages are often scanned for security and legal risks. A proprietary, i.e., non-open license can be a legal issue, so it's important to have a proper license declaration to allow automated tools to make a proper evaluation.

Poetry code reference:
https://github.com/python-poetry/poetry-core/blob/219c52e6cb8b086c78f25bbfa1168d0a3096fb31/src/poetry/core/spdx/license.py#L29

WilliamRoyNelson changed the title from "Typo: Apache License missing dash" to "Typo: Apache License missing dash: Affects PyPI License Declaration" on Feb 21, 2024
@tombh
Collaborator

tombh commented Feb 21, 2024

Thank you for this. Indeed it's important. There's the pedantic Conventional Commits linter that wants the first commit message to be in lower case: https://github.com/openlawlibrary/pygls/actions/runs/7994017777/job/21834287284?pr=435#step:7:27 I really should relax that requirement.

Poetry requires an EXACT match for the License name in order to auto-populate classifiers. Changed "Apache 2.0" to "Apache-2.0"
@WilliamRoyNelson
Contributor Author

> Thank you for this. Indeed it's important. There's the pedantic Conventional Commits linter that wants the first commit message to be in lower case: https://github.com/openlawlibrary/pygls/actions/runs/7994017777/job/21834287284?pr=435#step:7:27 I really should relax that requirement.

I think I fixed the commit. The whole point of this PR is to fix a single character that's throwing off an automated tool, so it'd be a little hypocritical for me to not hold myself to the same kind of standard.

@tombh tombh self-requested a review February 22, 2024 02:33
@tombh tombh merged commit 959241e into openlawlibrary:main Feb 22, 2024
16 checks passed
@tombh
Collaborator

tombh commented Feb 22, 2024

Haha, fair comment. Great, so it's merged now. When would you like to see a formal release? I can do it soon. Otherwise I'd wait a while to see if we get any more PRs in so I can release them all at once.

@WilliamRoyNelson
Contributor Author

I don't have an urgent need for a release. I'm sure it'll be fine if a few more PRs get merged in first.

@tombh
Collaborator

tombh commented Feb 22, 2024

Okay, but please don't hesitate to bump me if you want it sooner.

@adongy

adongy commented Mar 26, 2024

Hi,

Sorry to bump this but I was hit by the same warning from an automated tool. Would it be possible to know when the next release will be cut?

Thanks.

@tombh tombh mentioned this pull request Mar 26, 2024
@tombh
Collaborator

tombh commented Mar 26, 2024

No worries at all. I've just made the PR for the release. As soon as it gets reviewed, I'll make the release.

@tombh
Collaborator

tombh commented Mar 26, 2024

Released: https://pypi.org/project/pygls/1.3.1/
